Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Readme
Argon2 won the Password Hashing Competition and argon2-cffi is the simplest way to use it in Python:
>>> from argon2 import PasswordHasher
>>> ph = PasswordHasher()
>>> hash = ph.hash("correct horse battery staple")
>>> hash # doctest: +SKIP
'$argon2id$v=19$m=65536,t=3,p=4$MIIRqgvgQbgj220jfp0MPA$YfwJSVjtjSU0zzV/P3S9nnQ/USre2wvJMjfCIjrTQbg'
>>> ph.verify(hash, "correct horse battery staple")
True
>>> ph.check_needs_rehash(hash)
False
>>> ph.verify(hash, "Tr0ub4dor&3")
Traceback (most recent call last):
...
argon2.exceptions.VerifyMismatchError: The password does not match the supplied hash
The InvalidHash
exception is deprecated in favor of InvalidHashError
.
No plans for removal currently exist and the names can (but shouldn't) be used interchangeably.
argon2.hash_password()
, argon2.hash_password_raw()
, and argon2.verify_password()
that have been soft-deprecated since 2016 are now hard-deprecated.
They now raise DeprecationWarning
s and will be removed in 2024.
Official support for Python 3.11 and 3.12. No code changes were necessary.
argon2.exceptions.InvalidHashError
as a replacement for InvalidHash
.
salt parameter to argon2.PasswordHasher.hash()
to allow for custom salts.
This is only useful for specialized use-cases -- leave it on None unless you know exactly what you are doing.
#153
argon2-cffi is maintained by Hynek Schlawack.
The development is kindly supported by my employer Variomedia AG, argon2-cffi Tidelift subscribers, and my amazing GitHub Sponsors.
Available as part of the Tidelift Subscription.
The maintainers of argon2-cffi and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open-source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. Learn more.
FAQs
Argon2 for Python
We found that argon2-cffi demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.